BinScope and MiniFuzz
Following on from seeing Michael Howard at TechEd last week, here are a couple of new tools to help with analysing your applications for security issues.
"BinScope is a verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations"
"MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviours"
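The file-mutation testing that the MiniFuzz description outlines, shown as an added Python example for exercising your own file-handling code; it is not MiniFuzz's code or anything from Microsoft. The toy parser `parse_record`, its "RC" file format, the seed file and the 5% mutation rate are all assumptions constructed for illustration.

```python
import random

# Constructed seed file: magic "RC", 1-byte payload length, payload, 1-byte checksum.
SEED = b"RC" + bytes([5]) + b"hello" + bytes([sum(b"hello") & 0xFF])

def parse_record(data: bytes) -> bytes:
    """Toy file parser (hypothetical) with a flaw: it trusts the length field."""
    if data[:2] != b"RC":
        raise ValueError("bad magic")           # clean, expected rejection
    length = data[2]
    payload = data[3:3 + length]
    checksum = data[3 + length]                 # flaw: no bounds check on length
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")        # clean, expected rejection
    return payload

def mutate(seed: bytes, rng: random.Random, rate: float = 0.05) -> bytes:
    """Return a copy of the seed with roughly `rate` of its bytes randomised."""
    buf = bytearray(seed)
    for i in range(len(buf)):
        if rng.random() < rate:
            buf[i] = rng.randrange(256)
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Feed mutated files to `target`; keep one reproducer per unexpected exception."""
    rng = random.Random(rng_seed)               # fixed seed so a run is repeatable
    crashes = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue                            # parser rejected the input cleanly
        except Exception as exc:                # anything else is a finding to triage
            crashes.setdefault(type(exc).__name__, sample)
    return crashes

if __name__ == "__main__":
    for name, sample in fuzz(parse_record, SEED).items():
        print(f"{name}: reproducer {sample.hex()}")
```

Each saved reproducer is a file that can be replayed against the parser while fixing the bounds check, then kept as a regression test.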